WordPress Plugin Vulnerabilities

Fluent Support – Helpdesk & Customer Support Ticket System < 1.8.6 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

Description

The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/fluent-support directory which can contain file attachments included in support tickets.

Affects Plugins

Plugin icon
fluent-support
Fixed in 1.8.6

References

CVE
CVE-2024-13568
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/17f40832-8ae5-443a-aa98-f0e61d1152cc

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Tim Coen
Verified
No
WPVDB ID
f860169f-0ada-4670-a6d9-65ad7f7fd814

Timeline

Publicly Published
2025-02-28 (about 1 year ago)
Added
2025-02-28 (about 1 year ago)
Last Updated
2025-03-03 (about 1 year ago)

Other

Published
Title
Published
2025-06-27
Title
Accept Stripe Payments Using Contact Form 7 < 3.1 - Unauthenticated Information Exposure
Published
2025-11-12
Title
Comment Edit Core – Simple Comment Editing < 3.2.0 - Unauthenticated Sensitive Information Exposure
Published
2025-10-10
Title
Code Quality Control Tool < 2.2 - Unauthenticated Information Exposure via Log Files
Published
2023-11-06
Title
Job Manager & Career < 1.4.4 - Directory listing to Sensitive Data Exposure
Published
2025-11-04
Title
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce < 3.6.4.2 - Unauthenticated Sensitive Information Exposure